WHAT IS CLAIMED IS: 



1. A gateway device for carrying out a data relaying at a 
transport or upper layer between a first terminal device
and a second terminal device which are capable of carrying
out communications through networks, the gateway device 
comprising: 

a security information management unit configured to 
manage information regarding a security association set up 
between the first terminal device and the second terminal
device in order to carry out communications with guaranteed 
data secrecy between the first terminal device and the 
second terminal device; 

a data decryption unit configured to obtain decrypted 
data by decrypting encrypted data received from the first
terminal device or the second terminal device, by utilizing 
the information regarding the security association at a 
time of relaying the communications with guaranteed data 
secrecy between the first terminal device and the second 
terminal device;

a data relay unit configured to carry out the data 
relaying at the transport or upper layer according to the 
decrypted data; and 

a data encryption unit configured to encrypt data to 
be transmitted from the gateway device by utilizing the
information regarding the security association. 

2. The gateway device of claim 1, wherein the gateway 
device carries out the data relaying between the first
terminal device which is a radio terminal device
accommodated in a radio network and the second terminal
device which is a wired terminal device accommodated in a 
wired network. 

3. The gateway device of claim 1, wherein the security
information management unit manages the information
regarding the security association which is provided from
the first terminal device or the second terminal device. 



4. The gateway device of claim 1, wherein the security
information management unit manages the information 
regarding the security association which is provided from a 
security server for managing security of the data at a time 
of carrying out the communications of the data of the 
transport or upper layer between the first terminal device
and the second terminal device. 

5. The gateway device of claim 1, wherein the security 
information management unit manages the information 
regarding the security association which is generated by a
security server for managing security of the data and 
distributed from the security server to the first terminal 
device and the second terminal device. 

6. The gateway device of claim 1, wherein the security
information management unit manages the information 
regarding the security association which is retrieved from 
a database by a security server for managing security of 
the data by using a retrieval key provided with respect to
the first terminal device and the second terminal device.

7. The gateway device of claim 1, wherein the first 
terminal device is a mobile terminal device, and the 
gateway device further comprises: 

a handoff control unit configured to transfer the
information regarding the security association to a next
gateway device when the first terminal moves from an area
covered by the gateway device to an area covered by the
next gateway device, and to control an operation of the
gateway device according to the information regarding the
security association which is transferred from a previous
gateway device when the first terminal moves from an area 
of the previous gateway device to an area covered by the 
gateway device. 

8. The gateway device of claim 7, wherein the handoff 
control unit controls the operation of the gateway device 
also according to a state of the transport or upper layer. 

9. The gateway device of claim 1, further comprising:
a processing unit configured to obtain decapsulated 
data by decapsulating encapsulated data received from the 
first terminal device or the second terminal device, judge 
whether the data relaying at the transport or upper layer
is necessary or not according to the decapsulated data,
control the data relay unit to carry out the data relaying
at the transport or upper layer when the data relaying at 
the transport or upper layer is judged as necessary, and 
encrypt data to be transmitted from the gateway device. 

10. A gateway device for carrying out a data relaying at a 
transport or upper layer between a first terminal device 
and a second terminal device which are capable of carrying 
out communications through networks, the gateway device
comprising:

a security information management unit configured to 
manage information regarding a security association set up 
between the first terminal device and the second terminal 
device in order to carry out communications with guaranteed
data authenticity between the first terminal device and the
second terminal device; 

a data relay unit configured to carry out the data 
relaying at the transport or upper layer; and 

an authentication information attaching unit
configured to attach authentication information to data to
be transmitted from the gateway device by utilizing the
information regarding the security association. 

11. The gateway device of claim 10, wherein the gateway 
device carries out the data relaying between the first 
terminal device which is a radio terminal device 
accommodated in a radio network and the second terminal 
device which is a wired terminal device accommodated in a 
wired network. 

12. The gateway device of claim 10, wherein the security 
information management unit manages the information 
regarding the security association which is provided from 
the first terminal device or the second terminal device. 

13. The gateway device of claim 10, wherein the security 
information management unit manages the information 
regarding the security association which is provided from a 
security server for managing security of the data at a time 
of carrying out the communications of the data of the 
transport or upper layer between the first terminal device 
and the second terminal device. 

14. The gateway device of claim 10, wherein the security 
information management unit manages the information 
regarding the security association which is generated by a 
security server for managing security of the data and 
distributed from the security server to the first terminal 
device and the second terminal device. 

15. The gateway device of claim 10, wherein the security 
information management unit manages the information 
regarding the security association which is retrieved from 
a database by a security server for managing security of 
the data by using a retrieval key provided with respect to 
the first terminal device and the second terminal device.

16. The gateway device of claim 10, wherein the first 
terminal device is a mobile terminal device, and the
gateway device further comprises:

a handoff control unit configured to transfer the 
information regarding the security association to a next 
gateway device when the first terminal moves from an area 
covered by the gateway device to an area covered by the
next gateway device, and to control an operation of the
gateway device according to the information regarding the 
security association which is transferred from a previous 
gateway device when the first terminal moves from an area 
of the previous gateway device to an area covered by the
gateway device.

17. The gateway device of claim 16, wherein the handoff 
control unit controls the operation of the gateway device 
also according to a state of the transport or upper layer. 

18. The gateway device of claim 10, further comprising: 
a processing unit configured to obtain decapsulated
data by decapsulating encapsulated data received from the
first terminal device or the second terminal device, judge
whether the data relaying at the transport or upper layer
is necessary or not according to the decapsulated data, 
control the data relay unit to carry out the data relaying 
at the transport or upper layer when the data relaying at 
the transport or upper layer is judged as necessary, and
encrypt data to be transmitted from the gateway device.

19. A method for carrying out a data relaying at a 
transport or upper layer in a gateway device between a 
first terminal device and a second terminal device which
are capable of carrying out communications through
networks, the method comprising:

managing information regarding a security association 
set up between the first terminal device and the second 
terminal device in order to carry out communications with 
guaranteed data secrecy between the first terminal device
and the second terminal device; 

obtaining decrypted data by decrypting encrypted data 
received from the first terminal device or the second 
terminal device, by utilizing the information regarding the 
security association at a time of relaying the
communications with guaranteed data secrecy between the
first terminal device and the second terminal device; 

carrying out the data relaying at the transport or 
upper layer according to the decrypted data; and

encrypting data to be transmitted from the gateway
device by utilizing the information regarding the security
association.

20. A method for carrying out a data relaying at a 
transport or upper layer in a gateway device between a
first terminal device and a second terminal device which 
are capable of carrying out communications through 
networks, the method comprising: 

managing information regarding a security association 
set up between the first terminal device and the second
terminal device in order to carry out communications with
guaranteed data authenticity between the first terminal 
device and the second terminal device; 

carrying out the data relaying at the transport or 
upper layer; and

attaching authentication information to data to be 
transmitted from the gateway device by utilizing the 
information regarding the security association. 

21. A computer usable medium having computer readable
program codes embodied therein for causing a computer to
function as a gateway device for carrying out a data
relaying at a transport or upper layer between a first 
terminal device and a second terminal device which are 
capable of carrying out communications through networks,
the computer readable program codes include: 

a first computer readable program code for causing 
said computer to manage information regarding a security 
association set up between the first terminal device and
the second terminal device in order to carry out
communications with guaranteed data secrecy between the
first terminal device and the second terminal device; 

a second computer readable program code for causing 
said computer to obtain decrypted data by decrypting
encrypted data received from the first terminal device or
the second terminal device, by utilizing the information 
regarding the security association at a time of relaying 
the communications with guaranteed data secrecy between the 
first terminal device and the second terminal device; 

a third computer readable program code for causing
said computer to carry out the data relaying at the
transport or upper layer according to the decrypted data; 
and 

a fourth computer readable program code for causing 
said computer to encrypt data to be transmitted from the
gateway device by utilizing the information regarding the 
security association. 

22. A computer usable medium having computer readable
program codes embodied therein for causing a computer to
function as a gateway device for carrying out a data 
relaying at a transport or upper layer between a first 
terminal device and a second terminal device which are 
capable of carrying out communications through networks, 
the computer readable program codes include:

a first computer readable program code for causing
said computer to manage information regarding a security
association set up between the first terminal device and 
the second terminal device in order to carry out 
communications with guaranteed data authenticity between
the first terminal device and the second terminal device; 

a second computer readable program code for causing 
said computer to carry out the data relaying at the 
transport or upper layer; and

a third computer readable program code for causing
said computer to attach authentication information to data
to be transmitted from the gateway device by utilizing the 
information regarding the security association. 